Create Security and Response policy #290
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
name: Verilator | |
on: | |
push: | |
branches: ["main", "dev-goog", "dev-msft"] | |
pull_request: | |
workflow_dispatch: | |
env: | |
CARGO_INCREMENTAL: 0 | |
SCCACHE_VERSION: 0.3.3 | |
RISCV_VERSION: v12.1.0 | |
VERILATOR_VERSION: v5.012 | |
PKG_CONFIG_PATH: /opt/verilator/share/pkgconfig | |
SCCACHE_GHA_CACHE_TO: sccache-verilator-10000 | |
SCCACHE_GHA_CACHE_FROM: sccache-verilator- | |
# Change this to a new random value if you suspect the cache is corrupted | |
SCCACHE_C_CUSTOM_CACHE_BUSTER: f3e6951f0c1d | |
jobs: | |
build_tools: | |
name: Build Tools | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'true' | |
- name: Restore Cargo index | |
uses: actions/cache/restore@v3 | |
id: cargo_index_restore | |
with: | |
path: ~/.cargo/registry/index | |
key: cargo-index-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }}-${{ hashFiles('Cargo.lock') }} | |
- name: Restore sccache binary | |
uses: actions/cache/restore@v3 | |
id: sccache_bin_restore | |
with: | |
path: ~/.cargo/bin/sccache | |
key: sccache-bin-${{ env.SCCACHE_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Install sccache | |
if: steps.sccache_bin_restore.outputs.cache-hit != 'true' | |
run: | | |
cargo install sccache --version ${SCCACHE_VERSION} --no-default-features --features=gha | |
- name: Save sccache binary | |
uses: actions/cache/save@v3 | |
if: steps.sccache_bin_restore.outputs.cache-hit != 'true' | |
with: | |
path: ~/.cargo/bin/sccache | |
key: sccache-bin-${{ env.SCCACHE_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Configure sccache | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); | |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); | |
- name: Restore verilator dir | |
uses: actions/cache/restore@v3 | |
id: verilator_restore | |
with: | |
path: /opt/verilator | |
key: verilator-${{ env.VERILATOR_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Install verilator | |
if: steps.verilator_restore.outputs.cache-hit != 'true' | |
run: | | |
sudo apt-get install flex bison libfl2 libfl-dev help2man | |
cd /tmp/ | |
git clone -b "${VERILATOR_VERSION}" https://github.com/verilator/verilator | |
cd verilator | |
autoconf | |
./configure --prefix=/opt/verilator CXX="sccache g++" | |
make -j6 | |
sudo make install | |
- name: Save verilator dir | |
uses: actions/cache/save@v3 | |
if: steps.verilator_restore.outputs.cache-hit != 'true' | |
with: | |
path: /opt/verilator | |
key: verilator-${{ env.VERILATOR_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Setup verilator path | |
run: | | |
echo /opt/verilator/bin >> $GITHUB_PATH | |
- name: Restore Risc V Toolchain | |
uses: actions/cache/restore@v3 | |
id: riscv_restore | |
with: | |
path: /opt/riscv | |
key: riscv-${{ env.RISCV_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Install Risc V Toolchain | |
if: steps.riscv_restore.outputs.cache-hit != 'true' | |
run: | | |
# Building from source takes around 6.65 GB of disk and download size | |
wget -O toolchain.tar.gz https://github.com/stnolting/riscv-gcc-prebuilt/releases/download/rv64imc-3.0.0/riscv64-unknown-elf.gcc-12.1.0.tar.gz | |
mkdir /opt/riscv | |
tar -xzf toolchain.tar.gz -C /opt/riscv/ | |
- name: Save riscv dir | |
uses: actions/cache/save@v3 | |
if: steps.riscv_restore.outputs.cache-hit != 'true' | |
with: | |
path: /opt/riscv | |
key: riscv-${{ env.RISCV_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Setup riscv path | |
run: | | |
echo /opt/riscv/bin >> $GITHUB_PATH | |
build_matrix: | |
name: Build Smoke Test matrix | |
runs-on: ubuntu-22.04 | |
needs: build_tools | |
outputs: | |
test_names: ${{ steps.output-matrix.outputs.test_names }} | |
env: | |
EXCLUDE_TESTS: "smoke_test_clk_gating, smoke_test_cg_wdt, smoke_test_mbox_cg, smoke_test_kv_cg, smoke_test_doe_cg" | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install deps | |
run: | | |
sudo apt-get update -qy && sudo apt-get install -qy --no-install-recommends \ | |
python3-minimal python3-yaml | |
- name: Build matrix | |
id: output-matrix | |
run: | | |
echo "test_names=$(python3 .github/scripts/build_tests_matrix.py)" >> $GITHUB_OUTPUT | |
build_and_test: | |
name: Verilator | |
runs-on: ubuntu-22.04 | |
needs: build_matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
test_name: ${{fromJSON(needs.build_matrix.outputs.test_names)}} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'true' | |
- name: Restore Cargo index | |
uses: actions/cache/restore@v3 | |
id: cargo_index_restore | |
with: | |
path: ~/.cargo/registry/index | |
key: cargo-index-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }}-${{ hashFiles('Cargo.lock') }} | |
- name: Restore sccache binary | |
uses: actions/cache/restore@v3 | |
id: sccache_bin_restore | |
with: | |
path: ~/.cargo/bin/sccache | |
key: sccache-bin-${{ env.SCCACHE_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Restore verilator dir | |
uses: actions/cache/restore@v3 | |
id: verilator_restore | |
with: | |
path: /opt/verilator | |
key: verilator-${{ env.VERILATOR_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Restore Risc V Toolchain | |
uses: actions/cache/restore@v3 | |
id: riscv_restore | |
with: | |
path: /opt/riscv | |
key: riscv-${{ env.RISCV_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }} | |
- name: Setup verilator path | |
run: | | |
echo /opt/verilator/bin >> $GITHUB_PATH | |
- name: Setup riscv path | |
run: | | |
echo /opt/riscv/bin >> $GITHUB_PATH | |
- name: Run Caliptra Verilator Smoke Test | |
run: | | |
CALIPTRA_ROOT=$(pwd) | |
cd tools/scripts | |
make verilator CALIPTRA_ROOT=$CALIPTRA_ROOT TESTNAME=${{ matrix.test_name }} | tee output.log | |
# Search the last 30 lines of the output for "TESTCASE PASSED" | |
tail -n 30 output.log | grep "TESTCASE PASSED" | |
# grep will return 0 if the search term is found, and 1 otherwise | |
# A non-zero value will cause the github action to fail. | |
exit $? | |